Benefit of show ip arp command
ChickenNuggetz
Member Posts: 284
in CCNA & CCENT
Hey guys, this is probably going to sound like a trivial question, but here it goes:
What's the benefit of using the show ip arp command? I'm using Odom's Second Edition CCENT book (Router and IP troubleshooting chapter) and it doesnt really explain the benefit of this command? Can anyone give me a real world scenario or application for this?
Thanks for the help!
What's the benefit of using the show ip arp command? I'm using Odom's Second Edition CCENT book (Router and IP troubleshooting chapter) and it doesnt really explain the benefit of this command? Can anyone give me a real world scenario or application for this?
Thanks for the help!
:study: Currently Reading: Red Hat Certified Systems Administrator and Engineer by Ashgar Ghori
Certifications: CCENT; CCNA: R&S; Security+
Next up: RHCSA
Certifications: CCENT; CCNA: R&S; Security+
Next up: RHCSA
Comments
-
Monkerz
Member Posts: 842
Read my post in this thread. Not the greatest real world scenario, but it is one.
http://www.techexams.net/forums/off-topic/74171-sometimes-you-forget-simple-troubleshooting-ey.html#post603093 -
SteveO86
Member Posts: 1,423
I ran into the following issue a few months:
One of my clients got a cable connection for backup connectivity. Problem was the connection would only stay active for about 5 minutes or so. The static route was configured to go out an interface not to the IP that was default gateway for this cable circuit. So I switched the route and the connection worked again.... for five minutes, then went down so I switched the static route again and it worked.... for 5 minutes. Now when the backup connection went down it went down completely and I could not ping the default gateway no nothing.
Then after a little bit of thinking I cleared the arp cache on the router and connection worked again... but then it died again 5 minutes later. So I debugged arp to find the carrier cable modem was sending arp message sourced from multiple mac addresses. I sent the output to the carrier and had them replace the modem. As a work around I created a kron job to clear the arp cache every 3 minutes on the router to keep the connection active
However looking at the arp table is an easy way to verify layer 1/2 connectivity to devices. Especially if they do not reply to ping.My Networking blog
Latest blog post: Let's review EIGRP Named Mode
Currently Studying: CCNP: Wireless - IUWMS -
SubnetZero
Member Posts: 124
Once in a while we get tickets to locate machines based on IP address only. This is one instance where the "show ip arp" command comes in handy since it allows us to get the MAC address and trace it back to the IDF in question.
So if all I have is an IP address of 10.186.43.153 how can I find the IDF and switchport in question? The ARP and CAM tables! Here is an example:
CH-Dist-1#show ip arp 10.186.43.153
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.186.43.153 2 0018.f3e4.f5c3 ARPA Vlan40
CH-Dist-1#show mac-add add 0018.f3e4.f5c3
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
+
+
+
+
+
Supervisor:
* 40 0018.f3e4.f5c3 dynamic Yes 5 Te1/1
CH-Dist-1#show cdp neigh te1/1
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
CH-Dist-2.vhs Ten 1/1 168 R S I WS-C6509-ETen 1/1
At this point we will login to the next switch and trace this MAC from there
CH-Dist-2#show mac-add add 0018.f3e4.f5c3
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
+
+
+
+
+
Supervisor:
* 40 0018.f3e4.f5c3 dynamic Yes 0 Gi3/8
CH-Dist-2#show cdp ne gi3/8
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
CH6506-IDF-5A.vhs
Gig 3/8 140 R S I WS-C6506-EGig 5/2
CH6506-IDF-5A#show mac-add add 0018.f3e4.f5c3
Legend: * - primary entry
age - seconds since last seen
n/a - not available
vlan mac address type learn age ports
+
+
+
+
+
Active Supervisor:
* 40 0018.f3e4.f5c3 dynamic Yes 25 Gi2/48
CH6506-IDF-5A#sh run int gig2/48
Building configuration...
Current configuration : 249 bytes
!
interface GigabitEthernet2/48
description -=Pyxis=-
switchport
switchport access vlan 40
switchport mode access
switchport nonegotiate
no cdp enable
spanning-tree portfast edge
spanning-tree bpduguard enable
spanning-tree guard root
end
So based on this information I know that computer is on the 5th floor on blade 2 port 48.
Another time this is useful is when you change out a machine and give it the same IP address as before. The problem is that while the CAM entries age out every 5 minutes, the default ARP table aging time is 4 hours! What you will find is that there are two ARP entries for the same IP address, one for the old MAC address and one of the new one. You can see this with the "show ip arp <address>" command. To fix you should manually clear the ARP entry with the "clear ip arp <address>" command.
Just a few reasons to use the command...
HTH
While no trees were harmed in the transmission of this message, several electrons were severely inconvenienced :cool: -
kevyn_jr
Registered Users Posts: 1 ■□□□□□□□□□
Thank you so much for this step by step troubleshooting using SHOW IP ARP, it really helped me understand on how to work around ARP command!! this is so great and easy to understand especially with examples you included makes it so easy to follow. -
netsysllc
Member Posts: 479 ■■■■□□□□□□
If you ping a device a firewall on the device may block the ICMP response but you will still get a MAC address from ARP and know the device is there